From 8468daaedb500c95a1143c0aff32ee4459a0f44f Mon Sep 17 00:00:00 2001
From: jose nazario
Date: Wed, 12 Jul 2017 16:23:50 -0400
Subject: [PATCH 1/3] new Dockerfile
---
Dockerfile | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1a6d0d4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+#
+# This Docker image encapsulates Maltrieve, a tool to retrieve malware
+# directly from the source for security researchers.
+# which was created by Kyle Maxwell (krmaxwell) and is
+# available at https://github.com/krmaxwell/maltrieve.
+#
+# The file below is based on ideas from Spenser Reinhardt's Dockerfile
+# (https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile)
+# and on instructions outlined by M. Fields (@shakey_1).
+#
+# To run this image after installing Docker, use a command like this:
+#
+# sudo docker run --rm -it technoskald/maltrieve
+
+FROM python:2.7
+MAINTAINER Michael Boman
+
+RUN groupadd -r maltrieve && \
+ useradd -r -g maltrieve -d /home/maltrieve -s /sbin/nologin -c "Maltrieve User" maltrieve
+
+WORKDIR /home/maltrieve
+ADD . /home/maltrieve
+RUN pip install -r requirements.txt && \
+ chown -R maltrieve:maltrieve /home/maltrieve
+
+RUN mkdir /archive && \
+ chown maltrieve:maltrieve /archive
+
+USER maltrieve
+ENV HOME /home/maltrieve
+ENV USER maltrieve
+WORKDIR /home/maltrieve
+ENTRYPOINT ["maltrieve"]
+CMD ["-d", "/archive/samples", "-l", "/archive/maltrieve.log"]
From 95c195d24ecb9132d464eb54e956842180b02b66 Mon Sep 17 00:00:00 2001
From: jose nazario
Date: Wed, 12 Jul 2017 16:24:42 -0400
Subject: [PATCH 2/3] delete old Dockerfile
---
docker/Dockerfile | 49 -----------------------------------------------
1 file changed, 49 deletions(-)
delete mode 100644 docker/Dockerfile
diff --git a/docker/Dockerfile b/docker/Dockerfile
deleted file mode 100644
index 195affd..0000000
--- a/docker/Dockerfile
+++ /dev/null
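Review bot: `ADD . /home/maltrieve` pulls the whole build context into the image with `ADD`, whose extra behaviours (tar extraction, remote URL fetch) are not wanted here; for local files this should be `COPY . /home/maltrieve` (hadolint DL3020), and because it is a wholesale copy, anything in the checkout that the `.dockerignore` does not exclude — local virtualenvs, credential files, previously fetched samples — ends up in an image layer. Copying the manifest first and installing before the full copy keeps the dependency layer cached across source edits and keeps pip's download cache out of the image (DL3042): `COPY requirements.txt /home/maltrieve/`, `RUN pip install --no-cache-dir -r requirements.txt`, then `COPY . /home/maltrieve`. Whether `requirements.txt` pins versions is not visible in this patch, so the reproducibility of that install step cannot be judged here. Minor: `MAINTAINER` is deprecated in favour of `LABEL`, and `ENV HOME /home/maltrieve` / `ENV USER maltrieve` use the legacy space-separated form rather than `ENV HOME=/home/maltrieve`.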
@@ -1,49 +0,0 @@
-#
-# This Docker image encapsulates Maltrieve, a tool to retrieve malware
-# directly from the source for security researchers.
-# which was created by Kyle Maxwell (krmaxwell) and is
-# available at https://github.com/krmaxwell/maltrieve.
-#
-# The file below is based on ideas from Spenser Reinhardt's Dockerfile
-# (https://registry.hub.docker.com/u/sreinhardt/honeynet/dockerfile)
-# and on instructions outlined by M. Fields (@shakey_1).
-#
-# To run this image after installing Docker, use a command like this:
-#
-# sudo docker run --rm -it technoskald/maltrieve
-
-FROM ubuntu:14.04
-MAINTAINER Michael Boman
-
-USER root
-RUN apt-get update && \
- apt-get dist-upgrade -y
-RUN apt-get install -y --no-install-recommends \
- gcc \
- git \
- libpython2.7-stdlib \
- python2.7 \
- python2.7-dev \
- python-pip \
- python-setuptools
-RUN rm -rf /var/lib/apt/lists/* && \
- pip install --upgrade pip && \
- groupadd -r maltrieve && \
- useradd -r -g maltrieve -d /home/maltrieve -s /sbin/nologin -c "Maltrieve User" maltrieve
-
-WORKDIR /home
-RUN git clone https://github.com/krmaxwell/maltrieve.git && \
- cd maltrieve && \
- git checkout dev && \
- pip install -e . && \
- chown -R maltrieve:maltrieve /home/maltrieve
-
-RUN mkdir /archive && \
- chown maltrieve:maltrieve /archive
-
-USER maltrieve
-ENV HOME /home/maltrieve
-ENV USER maltrieve
-WORKDIR /home/maltrieve
-ENTRYPOINT ["maltrieve"]
-CMD ["-d", "/archive/samples", "-l", "/archive/maltrieve.log"]
From 48f62551bd654da53ed8e9aa3c80540a2eb00721 Mon Sep 17 00:00:00 2001
From: jose nazario
Date: Wed, 12 Jul 2017 18:37:52 -0400
Subject: [PATCH 3/3] Create .dockerignore
---
.dockerignore | 5 +++++
1 file changed, 5 insertions(+)
create mode 100644 .dockerignore
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..52a0135
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+Dockerfile
+LICENSE
+circle.yml
+README.md
+.git
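Review bot: The new `.dockerignore` keeps `.git` and repo metadata out of the build context, but because the Dockerfile copies the context wholesale, it should also exclude the working-tree artefacts that commonly sit next to the source and have no place in a published image: Python bytecode and local environment files, and any directory where samples or logs were fetched during local runs. Whether such files exist in this repository cannot be seen from the patch; the entries cost nothing and prevent stale malware samples or local secrets being baked into a layer. Proposed additions: `*.pyc`, `__pycache__`, `.env`.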